repo-ingest
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones source code from external repositories to the local environment for analysis.
- Evidence: The command
git clone --depth 1 {url} /tmp/repo-ingest/{name}is used to fetch external content inSKILL.md. - [COMMAND_EXECUTION]: The skill uses shell commands to manage repositories and files, which could be misused if command arguments are improperly handled.
- Evidence: Use of
git clone,git log,cat,git checkout, andgit branchacross the mandatory steps inSKILL.md. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes content from external repositories that could contain malicious instructions.
- Ingestion points: External repositories are cloned and their documentation, README files, and source code are read by the agent as described in Step 2 of
SKILL.md. - Boundary markers: Absent. No specific delimiters or safety instructions are provided to distinguish between the skill's own logic and the data read from external sources.
- Capability inventory: The agent has access to tools for network cloning (
git clone), file reading (cat), and writing changes back to the local repository (git branch,git checkout). - Sanitization: Absent. There is no evidence of filtering or sanitizing the content read from external repositories before it is processed by the agent.
Audit Metadata